QID 591420

QID 591420: Siemens ZombieLoad and Microarchitectural Data Sampling Vulnerabilities (SSA-616472)

AFFECTED PRODUCTS
SIMATIC Field PG M4: All BIOS versions prior to V18.01.09
SIMATIC Field PG M5: All BIOS versions prior to V22.01.07
SIMATIC Field PG M6: All BIOS versions prior to V26.01.05
SIMATIC IPC127E: All BIOS versions prior to V27.01.04
SIMATIC IPC2X7E: All BIOS versions prior to V20.01.13
SIMATIC IPC3000 SMART V2: All versions prior to V1.7
SIMATIC IPC327E: All BIOS versions prior to V1.7
SIMATIC IPC347E: All versions prior to V1.7
SIMATIC IPC377E: All BIOS versions prior to V1.7
SIMATIC IPC427C: All versions
SIMATIC IPC427D (incl. SIPLUS variants): All BIOS versions prior to V17.0X.16
SIMATIC IPC427E (incl. SIPLUS variants): All BIOS versions prior to V21.01.11
SIMATIC IPC477C: All versions
SIMATIC IPC477D: All BIOS versions prior to V17.0X.16
SIMATIC IPC477E: All BIOS versions prior to V21.01.11
SIMATIC IPC477E Pro: All BIOS versions prior to V21.01.11
SIMATIC IPC527G: All BIOS versions prior to V1.3.0
SIMATIC IPC547E: All BIOS versions prior to R1.33
SIMATIC IPC547G: All BIOS versions prior to R1.24.0
SIMATIC IPC627C: All versions
SIMATIC IPC627D: All BIOS versions prior to V19.02.12
SIMATIC IPC627E: All BIOS versions prior to V25.02.04
SIMATIC IPC647C: All versions
SIMATIC IPC647D: All BIOS versions prior to V19.01.15
SIMATIC IPC647E: All BIOS versions prior to V25.02.04
SIMATIC IPC677C: All versions
SIMATIC IPC677D: All BIOS versions prior to V19.02.12
SIMATIC IPC677E: All BIOS versions prior to V25.02.04
SIMATIC IPC827C: All versions
SIMATIC IPC827D: All BIOS versions prior to V19.02.12
SIMATIC IPC847C: All versions
SIMATIC IPC847D: All BIOS versions prior to V19.01.15
SIMATIC IPC847E: All BIOS versions prior to V25.02.04
SIMATIC ITP1000: All BIOS versions prior to V23.01.06
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP(MLFB: 6ES7518-4AX00-1AC0, 6AG1518-4AX00-4AC0, incl. SIPLUS variant): All versions prior to V2.8.4Update to V2.8.4
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (MLFB: 6ES7518-4FX00-1AC0): All versions prior to V2.8.4
SIMOTION P320-4E: All BIOS versions prior to V17.0X.16
SIMOTION P320-4S: All BIOS versions prior to V17.0X.16
SINUMERIK 840 D sl (NCU720.3B, NCU730.3B,NCU720.3, NCU730.3): All versions
SINUMERIK PCU 50.5: All versions
SINUMERIK Panels with integrated TCU: All versions released
SINUMERIK TCU 30.3: All versions

QID Detection Logic:
This QID checks for the Vulnerable version of Siemens-affected products using passive scanning.

Successful exploitation of this vulnerability can lead to the disclosure of sensitive information.

  • CVSS V3 rated as Medium - 5.6 severity.
  • CVSS V2 rated as Medium - 4.7 severity.
    • Solution

    Customers are advised to refer to Siemens MITIGATIONS section SSA-616472 for affected packages and patching details.Workaround:
    The vendor has advised the following workarounds:
    As a prerequisite for an attack, an attacker must be able to run untrusted code on affected systems.
    Siemens recommends limiting the possibilities to run untrusted code if possible

    Vendor References

    CVEs related to QID 591420

    CVE-2018-12126 | CVE-2018-12127 | CVE-2018-12130 | CVE-2019-11091 |
    Software Advisories
    Advisory ID Software Component Link
    SSA-616472 URL Logo cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].